Ralph B wrote:
I've tried to set up spamassissin approximately as described in
http://wiki.apache.org/spamassassin/SiteWideBayesSetup.
When my users (only 5 of us) receive a spam we redirect it to
[EMAIL PROTECTED] Periodically I do a "sa-learn --showdots --mbox --spam
/home/spam/mbox" from root.
Spamassassin's local.cf contains:
required_hits 5
rewrite_subject 1
subject_tag [SPAM]
Are you using a *REALLY* old spamassassin? if not, rewrite_subject and
subject_tag become obsolete as of SpamAssassin 3.0.0.
The current format is
rewrite_header Subject [SPAM]
However, none of that is relevant under mailscanner, so I'd just delete the
rewrite_subject and subject_tag lines. They're ancient, so SpamAssassin won't
understand them (and will generate lint warnings on them), and MailScanner
over-rides them.
While you're at it, you might want to run spamassassin --lint to see if there
are any other configfile errors.
report_safe 0
bayes_path /etc/mail/spamassassin/bayes/bayes
bayes_file_mode 0777
use_bayes 1
That should create a global bayes db for all invocations of SpamAssassin.. What
are the permissions on the directory /etc/mail/spamassassin/bayes/? Are they
777? (note: I'm asking about the directory, not the files in it)
And each user has a .procmailrc with contents
MAILDIR=$HOME/mail
:0 H
* ^X-Spam-Status: Yes
{
EXITCODE=67
:0:
spam
}
This all seems to work OK, with most spams successfully being marked as
[SPAM] (for BAYES_99) and then dumped in user's spam folder.
However, when I occasionally visit the mbox of user "spam", I find that
many more mails are identified as [SPAM] than are at the users' own
mboxes.
i.e. User "fred" sees spam which is NOT identified as [SPAM], he redirects
it to user "spam" and, for user "spam" it IS identified as [SPAM].
So, my question is, why is filtering working better for user "spam" than
for the other users? And how do I get the other users' mboxes filtered so
well as user "spam"?
My guess is your redirects aren't really transparent, and are rewriting the
headers. Have you checked to make sure the original headers (ie: Received:) are
unmodified?
If the headers are replaced, this mechanism is essentially training SpamAssassin
that redirected mail is spam. Which means every time a message gets redirected,
it looks a lot more like spam than it did before..